Topic: sonatype

New versions of open-source components are being released every day at an overwhelming and alarming pace. According to the open-source governance company Sonatype, approximately 20,000 component updates are made per day, making it near impossible for teams to manually manage dependencies. In addition, open-source projects that are impacted by attacks are difficult to detect because … continue reading

While open-source software is an integral part of software development today, security continues to be an issue. A recently released report revealed a 71 percent increase in open-source security related breaches over the last five years. In addition, 25 percent of organizations reported a confirmed or suspected open-source software related breach. RELATED CONTENT: Open source … continue reading

Sonatype wants to make it easier for developers to have open-source governance with the release of Sonatype DepShield. The solution is a GitHub application that integrates directly within repositories, enabling developers to identify vulnerable open-source components. According to the company, DepShield constantly monitors projects and automatically creates issues when security vulnerabilities are detected. It offers … continue reading

“Why is open source important? That’s like asking why is gravity important,” stated Brian Behlendorf, a leading figure in the open-source software movement, and executive director for the blockchain consortium Hyperledger. While this year marks the 20th anniversary of open source, it is hard to imagine a time before open-source software. Today, it’s difficult to … continue reading

At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading

Software is the lifeblood of most businesses today. So, what happens if that software is unreliable or insecure? It seems like a no-brainer that the software being pushed out should be protected. But, as software is being developed and deployed at a rapid pace, an important aspect of the life cycle gets lost in the … continue reading

Sonatype released its third annual State of the Software Supply Chain report, which highlights risks within open source software components. The report also highlights the benefits of managing software supply chain hygiene. “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of … continue reading

The Eclipse Foundation has announced Eclipse Oxygen is now available. The Oxygen release includes 83 projects, 287 committers, and about 71 million lines of code. “We’re proud to announce the arrival of Eclipse Oxygen, the 12th annual simultaneous release from the Eclipse Community,” the foundation wrote. Most notably missing from this release is support for … continue reading

Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE). This new Nexus Lifecycle integration empowers millions of Visual Studio developers with direct access to Sonatype’s open source intelligence engine so … continue reading

The DevOps community is struggling with bringing security into the organization and across the software development life cycle (SDLC). However, new research from Sonatype reveals that while companies continue to face breaches, mature development organizations finally realize how critical it is to weave automated security early in the SDLC. Sonatype, a software automation and security … continue reading

Veracode today released its findings from its annual State of Software Security Report, which revealed that the persistent use of components in software development is creating unmanaged risk. The report also found that companies can benefit if they accelerate their application security programs. Veracode found that a single popular component with a critical vulnerability spread … continue reading

Open-source software is being used more than ever, yet practices for sourcing the software are inefficient and vulnerabilities are pervasive, according to a report from supply-chain automation provider Sonatype. The number of open-source component download requests increased to 31 billion in 2015 from 17 billion in 2014, according to the report, which looked at supply … continue reading